Consolidated cloud security has reduced manual work and has automated vulnerability remediation
How has it helped my organization?
My customer saw benefits from using SentinelOne Singularity Cloud Security as we are able to actually fix the vulnerabilities. There are many infrastructure components that need to be properly patched. We have a hybrid platform with hyper-scaler components. My customer is into hyper-scaler environments, and there are many aspects that need to be properly patched. We have plenty of cloud native applications that have been hosted in both AWS and Azure. Governing all of this requires many employees to govern it. When we implemented SentinelOne, the team was shortened from 25 people to only 15 or 16 people. This reduction occurred because of the consolidated platform and all the vulnerabilities showing up in the console have been automatically patched. The vulnerabilities automatically go to the SIEM and are patched by the application team, and the vulnerabilities in the cloud are patched by the cloud department. This was much easier because the integration with the SIEM, which was LogRhythm on premise, was much easier than Trend Micro. Trend Micro would have required syslog servers, but SentinelOne only had three or four steps and just connected to the log server. LogRhythm was able to easily fetch the logs from it.
The role of SentinelOne's secret scanning feature is very important in tightening my company's cloud hygiene. In an infrastructure where there are hybrid cloud and different vendors of cloud such as AWS and Azure, maintaining both clouds and having a resource pool with the skill set of AWS and Azure is very difficult. After implementing CSPM, I could have a vulnerability management system under one roof where I could take the misconfiguration of Azure and AWS at the same place and get it done by a limited amount of users. SentinelOne CSPM knows how AWS configuration and Azure configuration work, so I can know about it and fix it all in one place. SentinelOne has eased the process of finding vulnerabilities in each cloud platform. I have vulnerability visibility for every tenant that I have hosted in different cloud hosting platforms, and it has eased my work of fixing the vulnerabilities.
The impact and effectiveness SentinelOne had in managing cloud identities and enforcing least privilege is evident in an incident where SentinelOne helped us. There were some identities which did not have two-factor authentication. In fact, they were not even linked to our Active Directory. It turned out that the cloud infrastructure had some identities from the company which implemented that cloud. We were able to find accounts which were not supposed to exist in the cloud infrastructure because it mapped itself with the Active Directory and fetched all the users who actually need access to the AWS server. We found out that these two users were not in there, identified the anomaly, and deleted the identities from the cloud platforms.
What is most valuable?
My experience includes implementing SentinelOne Singularity Cloud Security, specifically the Cloud Singularity as a marketplace for AWS and Azure. I only have to connect the connectors from the marketplace, and as soon as I get the license, I can deploy it from the marketplace and start using it. The deployment phase was actually easy when I connected with the connectors from AWS and Azure marketplace.
I compared Trend Micro and SentinelOne Singularity Cloud Security with two POCs for both of them. SentinelOne was at the higher price end, but my customer and the management opted for it because of the integrity and the better coverage. The ease of deployment mechanism in SentinelOne is not present in Trend Micro. In Trend Micro, for each cloud platform, such as AWS, I need to have another localhost web URL to access that particular dashboard. In SentinelOne, I can manage everything under one particular URL and there are different functions to it. I can easily navigate to any dashboard that I require, so the ease of using SentinelOne was easier than Trend Micro. The better coverage and easy deployment is the second part. Trend Micro had some manual intervention required and an extra server needed to be a jump server for all the traffic to be passed. SentinelOne had both on-premise and cloud options, which was another plus point for the customer.
In Cloud Singularity, there is a cloud native application, and in that, there is CSPM. We also used to have CWSPM. In CSPM, we only used to get the vulnerabilities in the cloud configuration, just the misconfiguration. In SentinelOne CWSPM, the attack map and the graph that it created inside the dashboard gave me a better idea for myself and the management to fix the most vulnerable issues. There might be some vulnerabilities with a higher risk rate, but some CVE IDs with lesser risk rate could have caused major damage to the company's infrastructure than the CVE with the higher risk end. The attack graph which CWSPM showed in SentinelOne was the best thing I have come across because it gave me a better visibility of the whole infrastructure and what vulnerabilities can be impactful and more critical to any customer.
SentinelOne's runtime protection is lightweight. I would say it is very lightweight and it does not even feel that I am running a SentinelOne agent in the systems. Compared to Check Point EDR, SentinelOne is a lot better because the Check Point agent takes a major chunk of the RAM of the desktop. SentinelOne barely takes around 25 MB of the RAM, so it is very easy and lightweight.
Regarding SentinelOne Singularity Cloud Security advanced SIEM capabilities, we had log servers. There were only EDR part and the CSPM, and it actually created the attack graph matrix and created it as a SIEM. We have actually used it. The logs are very much in real time and the false positive was less compared to the LogRhythm ones.
What needs improvement?
I elaborate on my rating of SentinelOne support by mentioning that there was some time where the troubleshooting took a longer time. In fact, there were many meetings going on. The availability of the document on the internet is on a lesser side because as an engineer, I would want to know about the troubleshooting aspects of this particular tool. When I am facing a customer, I do not prefer to bring the vendor to every call and try to resolve it, as it takes months and months. It would be better to have a training session with the engineer on site to explain and train properly. This is not the case with SentinelOne, so this is the only thing I have a complaint about.
I do not have any other room for improvement to suggest within SentinelOne itself. However, I would really want the AI assistant for the threat hunting part to be more accessible. They have it, but they are making it licensed, so it is a bit on the higher end.
What do I think about the stability of the solution?
Regarding stability and availability of SentinelOne Singularity Cloud Security, it has been on and stable every time I have opened it. There are no issues for me with respect to the availability of it, so it is going good.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security scalability does grow well with the growing needs of my company and my client's company. We are trying to make every other component SentinelOne so that we can have a better attack map walkthrough and have clearer visibility for where the attack can be associated with. We are trying to replace whichever security solutions are necessary to create a consolidated attack map vector which we call the Singularity, the Cloud Singularity, so that everything comes under one and we can get a better overview of all the vulnerabilities and fix it accordingly.
How are customer service and support?
Regarding the level of support I am getting from SentinelOne, I would rate it a seven out of ten.
Which solution did I use previously and why did I switch?
Since switching to SentinelOne, I have been able to eliminate three tools or solutions. The first was Trend Micro EDR, which SentinelOne replaced. The second one was Tenable Synapse, which we replaced with CSPM from SentinelOne. The third one was the SIEM LogRhythm.
Which other solutions did I evaluate?
I compared Trend Micro and SentinelOne Singularity Cloud Security.
What other advice do I have?
SentinelOne CSPM also eliminates misconfiguration on its own after one approval, which is a very good thing that I actually liked about SentinelOne CSPM.
The rating of nine is because of some false positives that I found recently. There was some misconfiguration from cloud servers which I thought was not necessary. That is the one point that I reduced for. They can improve, but they are better than other solutions, which is the reason it received a nine and not a ten.
If someone is considering and evaluating SentinelOne Singularity Cloud Security, I want to advise them to opt for SentinelOne because if you want integrity and faster driven insights on your whole infrastructure, you should really opt for SentinelOne because it has ease of access, easy deployment, and you would require only fewer engineers to deploy it because it is not a big Check Point level complex integrity that you have to do in SentinelOne. I gave this review an overall rating of nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Cloud posture has improved and security team gains instant visibility into misconfigurations
What is our primary use case?
SentinelOne Singularity Cloud Security is the module we are using, specifically for endpoint protection. We have been using this particular product for the last two months.
I am currently using the cloud security posture management capabilities. We are managing multiple cloud platforms, including AWS, Azure, and GCP. I need a consolidated security posture management across all of my cloud platforms.
We are managing multiple cloud workload profiles. For example, someone has mistakenly configured 0.0.0.0 access, and some misconfiguration has occurred. I want to get that update immediately, otherwise people may use that flaw and attack us. This misconfiguration detection will help us in eliminating missed configurations or configurations that our people have mistakenly implemented. That is my major use case. Additionally, I will get the consolidated asset inventory. These three purposes are what I am using Cloud Security Posture Management for.
What is most valuable?
The single-touch, agentless deployment is number one. Normally, with CSPM, we do not want to do any agent integration to get the details of a VM or workload. For example, I have some container repositories, and I want to get that list. I would have to install the agent.
Here, with SentinelOne Singularity Cloud Security, I do not want to install the agent. This deployment is an agentless deployment.
The offensive security particular solution works by going through logs and seeing the logs on everything. It will provide complete visibility related to false positive and true positive information. That provides more visibility on the technical front. For example, if you are creating a use case on a SIEM and that particular use case is not matching your end-to-end information related to our environment, it will not throw the alert. If you implement the offensive security, it will straight away point out that particular issue in that incident because the alert was triggered by that event.
Secret scanning is our automated scanning. We do not want to do the manual effort, and we do not want to create any automation during production. The moment you do this, the secret scanning will work because it is runtime scanning.
What needs improvement?
SentinelOne Singularity Cloud Security is a little expensive compared to my earlier product, CloudGuard. This product is a little expensive, not over-expensive.
Mean time to detection and mean time to respond is a critical aspect. Most of the incidents sometimes will not be detected if you are not configured properly. The MTTR is very important. That is the reason we have mentioned that to eliminate the misconfiguration part, we need Cloud Security Posture Management. Because if someone has created an account opening 0.0.0.0, and then someone has opened the 'all all' access in the cloud instance itself, then anybody can come and penetrate my cloud workload and destroy it. In that scenario, I want to get a proper, proactive approach. The moment someone has made a mistake, I have to immediately respond. Then only can I protect. To eliminate the manual mistake and misconfiguration, this particular tool does the immediate alert so that we can prevent our cloud workloads based on the priority and based on the alert triggers. We can eliminate the alerts and incidents.
There is one concern related to SentinelOne Singularity Cloud Security platform. They claim it as an AI-based integration that will provide runtime protection. The moment it comes to the runtime protection, if someone is using an existing tool, this particular tool does not scan because we need to achieve it. For example, I have a CrowdStrike EDR in my console, on my VM, I have it installed. This particular runtime also has to be protected. Most of the runtime protection has to be implemented in a proper manner. For that reason, we are doing the scanning on an immediate basis. The first time, this particular runtime protection is not working. For example, I am trying that for the first time, and it is not getting the protection part. It is not working. If I try that particular trial again, only after that is it getting one more runtime protection. It is detection, and then it is getting the protection also.
For how long have I used the solution?
What do I think about the stability of the solution?
I have never faced such an issue. In the earlier product I have mentioned, the cloud management console on the Check Point may have some latency issues, but not for this product.
What do I think about the scalability of the solution?
SentinelOne Singularity Cloud Security is a SaaS platform. As long as you are going with the SaaS platform, scalability may not be an issue.
How are customer service and support?
It is complete remote support only. They are coming on the remote based on our availability. Based on our criticality also, they are doing that.
Which solution did I use previously and why did I switch?
I have done the POC and then I got the results. Commercially, it is a little costlier than the other provider. Then we have gone with SentinelOne Singularity Cloud Security.
What was our ROI?
The return on investment is very much achievable in ten months. The product compared to Wiz, which is one more product we have tested, is more favorable. We have not gone through that product because commercially it is very high compared to other products. SentinelOne Singularity Cloud Security is a little bit cheaper than the other product named Wiz.
What other advice do I have?
My review rating for SentinelOne Singularity Cloud Security is 8.5.
Effortless to Use and Highly Intuitive
What do you like best about the product?
What I like best about SentinelOne Singularity Cloud Security is its ease of use combined with a very streamlined and intuitive implementation. The platform provides strong visibility and protection across cloud workloads without adding operational complexity. Its unified console, automated threat detection, and clear insights make it easier for engineering and security teams to quickly deploy, manage, and respond to risks at scale while maintaining a strong security posture.
What do you dislike about the product?
I don’t have any major dislikes, but like many powerful security platforms, SentinelOne Singularity Cloud Security can require time to fully understand and tune advanced features for specific environments. Some configurations and alerts may need fine-tuning to reduce noise and better align with an organization’s workflows. That said, this is typical of robust security solutions and improves with experience and customization.
What problems is the product solving and how is that benefiting you?
SentinelOne Singularity Cloud Security helps solve the challenge of securing cloud workloads and environments at scale while maintaining visibility and control. It addresses risks such as misconfigurations, runtime threats, and unauthorized access across dynamic cloud infrastructures. By providing centralized monitoring, automated threat detection, and rapid response capabilities, it reduces operational overhead, improves incident response time, and allows teams to confidently scale cloud services without compromising security or customer trust.
Comprehensive Cloud Security with Strong Visibility and Automation
What do you like best about the product?
What I like best about SentinelOne Singularity Cloud Security is its strong AI-driven threat detection and automated response, which significantly reduces the need for manual intervention and helps security teams respond to incidents faster. The platform offers centralized visibility across cloud workloads and environments, making it easier to manage security in hybrid and multi-cloud setups. Its automation helps minimize alert fatigue while still providing deep insights into risks and misconfigurations, and it integrates well with major cloud providers and existing security workflows. Overall, it strengthens cloud security posture while improving efficiency for security teams.
What do you dislike about the product?
What I dislike about SentinelOne Singularity Cloud Security is that the initial setup and policy configuration can be complex and time-consuming, especially for teams without deep cloud security expertise. Alert tuning and reducing false positives may require ongoing effort, and some areas of the dashboard are not as intuitive as they could be. Additionally, the platform can feel expensive or heavy for smaller environments, and there are occasional limitations around reporting, search, or overall usability that could be improved.
What problems is the product solving and how is that benefiting you?
SentinelOne Singularity Cloud Security solves visibility gaps and risk blind spots across cloud environments by unifying posture, workload protection, and threat detection in one platform. It automates security monitoring and compliance, reducing manual effort and response time. This helps me quickly identify and remediate vulnerabilities, enforce secure configurations, and protect cloud workloads from attacks. As a result, it improves overall cloud security posture and lowers operational risk.
Effortless Threat Detection and Unified Security with Excellent Support
What do you like best about the product?
1. Autonomous Threat Detection
2. It provides real-time visibility into workloads and containers, automatically isolates threats, and remediates issues without manual intervention.
3. Singularity Cloud Security offers unified visibility across endpoints, workloads, and containers from a single console.
4. Management handling is very easy.
5. Easy to implement the agent on the endpoints.
6. Customer support is excellent.
What do you dislike about the product?
1. Initial setup and policy configuration can be a bit complex.
2. Alert tuning and policy fine-tuning take some time to get right.
3. Sometimes the agent deployment in cloud-native environments requires additional manual steps, especially across Kubernetes clusters.
What problems is the product solving and how is that benefiting you?
SentinelOne Singularity Cloud Security helps us protect cloud workloads and containers in real time. It automatically detects and remediates threats before they can spread, giving us complete visibility across our hybrid and multi-cloud environments. This has significantly reduced manual investigation time and strengthened our overall security posture.
Powerful Cloud Security with a Steep Learning Curve
What do you like best about the product?
SentinelOne Singularity Cloud Security is great because it protects cloud servers, containers, and data in real time.
It finds real security risks (key leaks), not just alerts, by analyzing how attackers could exploit systems.
It supports multi-cloud environments like AWS, Azure, and GCP in one dashboard.
It also scans CI/CD pipelines and IaC to catch issues early before deployment.
What do you dislike about the product?
SentinelOne Singularity Cloud Security can be a bit complex to set up and learn.
It may show some false alerts that need tuning. The platform can feel heavy and expensive for smaller teams. The dashboard and UI could be more user friendly in some areas.
What problems is the product solving and how is that benefiting you?
It helps find and fix cloud and Kubernetes security issues before they cause problems. It protects workloads in real time from attacks and malware. It gives one place to see security for all cloud resources and containers. This saves time, reduces risk, and keeps applications and data secure.